<?php
include '../common.php';
$name =trim($_POST['name']);
$password = trim($_POST['password']);
$code = trim($_POST['code']);

if (empty($name)) {
	exit('用户名不能为空');
}
if (empty($password)) {
	exit('密码不能为空');
}
if (empty($code )) {
	exit('验证码不能为空');
}

if ($code !== $_SESSION['code']) {
	unset($_SESSION['code']);
	exit('验证码不正确');
}
unset($_SESSION['code']);

$sql  = "SELECT * FROM user WHERE name = '{$name}'";
$row = select($sql,$DB);
if (!$row) {
	exit('用户名不存在');
}
$password = md5($password);
if ($password != trim($row[0]['password'])) {
	exit('密码不正确');
}
$_SESSION['user'] = (int)$row[0]['user'];
$_SESSION['admin'] = $row[0]['name'];

if (empty($_SESSION['admin'])) {
	exit('登陆失败');
}
header("location:../main.php",302);//链接后台主页
